Information from our guest, Bruce Moran:
2016 This article
first appeared on the Council on Foreign Relations site.
Late on Wednesday, March 23, 2016, the Department of Justice
announced that Su Bin, a Chinese national living in Canada, had
pleaded guilty to “participating in a years-long conspiracy to hack into
the computer networks of major U.S. defense contractors, steal
sensitive military and export-controlled data and send the stolen
data to China.”
WHY WERE CHINESE DIPLOMATS NOT EXPELLED?
Over several years, under Su’s direction, two hackers
stole some 630,000 files from Boeing related to the C-17
military transport aircraft, as well as data about the F-35
and F-22 fighter jets. The information included
detailed drawings; measurements of the wings, fuselage and other
parts; outlines of the pipeline and electric wiring systems; and
flight test data.
A U.S. Air Force F-22 Raptor fighter jet performs maneuvers during
the California International Airshow in Salinas, California, on
September 27, 2015. Over several years, under Su Bin’s direction,
two hackers stole 630,000 files from Boeing related to the C-17
military transport aircraft, as well as data about the F-35 and F-22
fighter jets. Michael Fiala/Reuters
Su’s conspirators remain unidentified and at large. The 2014
indictment refers to the co-conspirators as “affiliated with
multiple organizations and entities.” The plea announcement refers
to them as “two persons in China” and says nothing more about them.
In documents submitted as part of Su’s extradition hearing, the
U.S. government identified them as
People’s Liberation Army (PLA) hackers. The documents included
intercepted emails with digital images attached that showed military
IDs with name, rank, military unit and date of birth.
Still unknown is whether Su and the hackers operated on their own or
were directed by Chinese government officials. Were they motivated
by profit, patriotism or some combination of the two?
Much of the correspondence makes the hackers sound like PLA
freelancers. Marketing themselves, they tell Su they were involved
in previous attacks on defense industries as well as Tibetan and
pro-democracy activists—targets with no commercial value but of
interest to the government.
Why the US Hasn’t Pinned the OPM Hack on China
By Robert Knake, Senior Fellow for Cyber Policy, Council on Foreign Relations
June 18, 2015
Getting China to stop this activity is at the top of Washington's
diplomatic agenda. Stopping foreign
intelligence services from spying, however, is not.
The theft of data from the Office of Personnel Management (OPM)
06/15/15 (100,000 plus - with national
security clearances) has made great fodder for two weeks
of cable news. Banner headlines have declared it an act of cyber
warfare carried out by the Chinese government. Yet, while Twitter
has been abuzz, official statements attributing the attack have yet
There are two likely explanations for why the White House has not
pinned the incident on China. The first possibility is that the
evidence is not there yet. Given time, attribution may get to the
point at which a public accusation would be warranted. A more
intriguing option is that the administration hasn’t called China out
because, under emerging norms for espionage in cyberspace,
information on Federal employees is considered a legitimate target.
Assuming the Chinese government was behind the incident, its cyber
spies were doing exactly what they were trained to do. They were
also doing exactly what we should expect them to do, and what we
should be prepared to counter. As General Michael Hayden, former
director of both the NSA and the CIA in the Bush Administration, put
it, “This isn’t shame on China. This is shame on us.”
When the Obama Administration has come out and publicly accused
another country of a cyber attack, it hasn’t been for this kind of
state-on-state spying. What the Obama Administration has strongly
objected to is China’s campaign of economic espionage against
American companies. In May of 2014, the Justice Department went as
far as to hand down
indictments for five Chinese military hackers, accusing them of
carrying out a multi-year campaign to steal industrial secrets from
U.S. companies for the purpose of sharing that information with
Director of National Intelligence James Clapper has stated in clear
terms that the United States intelligence community does not engage
in this kind of spying. To do so would undermine the global
marketplace by providing an unfair advantage to state-owned
enterprises (of which the United States has none).
Getting China to stop this activity is at the top of our diplomatic
agenda. Stopping foreign intelligence services from spying is not.
If the Obama Administration had taken the
advice of former Ambassador to the United Nations John Bolton,
and kicked the Chinese Ambassador out of the country in response to
the OPM attack, we would be setting a standard to which we would not
wish to be held.
Wikipedia: In June 2015, the
United States Office of Personnel Management (OPM) announced
that it had been the target of a data breach
targeting the records of as many as four million people. Later,
James Comey put the number at 18 million.
The data breach, which had started in March 2014, and may have
started earlier, was noticed by the OPM in April 2015.
It has been described by federal officials as among the largest
breaches of government data in the history of the United States.
Information targeted in the breach included
personally identifiable information such as
Social Security numbers,
as well as names, dates and places of birth, and addresses.
The hack went deeper than initially believed and likely involved
theft of detailed security-clearance-related background information.
One victim wrote that the OPM is the agency that asks your neighbors
what they know about you that could be used to blackmail you.
Successfully Hacking US, But Less
(BJM Because they have already infiltrated (breached) the system?
Cannot find out how they are in the system....)
New FireEye report shows significant decline in the number of
Chinese cyber espionage attacks on the US since 2014, but China has
definitely not stopped the intellectual property theft.
Successful cyberattacks by China hacker groups targeting corporate
networks in the US and other regions have dramatically decreased
since mid-2014, a new report finds. Even so, China continues to wage
attacks in order to steal intellectual property despite political
pressure by the US government -- and China's cyber espionage
campaigns appear to be more streamlined.
So in case you were wondering whether the historic “no-hack” pact in
September 2015 between President Barack Obama and Chinese president
Xi Jinping -- where the two leaders promised not to wage
cyberattacks for economic gain -- has made a difference, the answer
is both yes and no. While no one expected major change in the wake
of the pact, there have been some noticeable shifts in the volume of
attacks by China in the past couple of years, according to new
findings from FireEye. The pact is one of several factors, including
earlier political and economic forces that were already under way
beforehand, according to FireEye.
FireEye concluded that since 2013 when it first exposed China’s
infamous APT1 cyber espionage operation led by the PLA, China’s
hacking is “less voluminous but more focused, calculated, and still
successful in compromising” companies’ networks. Of a total of 262
compromises, FireEye found that China had executed more than 70
successful attacks in April 2014; 40 in July 2015; and fewer than
five in May 2016.
Jordan Berry, principal threat analyst with FireEye, says the
findings show some changes in the way China’s hacking machine
operates, but the groups are still very much active and targeting
companies’ intellectual property and personally identifiable
information. “We observed an overall cyber activity decline in
mid-2014 [by China], although they did not cease operations and they
continue … albeit in lower volume,” Berry says. “A confluence of
events” drove the decline in attacks, he says.
FireEye studied the number of network compromises by suspected
China-based hackers starting in early 2013 through June 2016,
drawing from its Mandiant incident response cases, and FireEye’s
cloud-based network monitoring as well as its threat intelligence
data. They found 262 successful network attacks by 72 different
suspected China-based groups: of those attacks, 182 hit US
From September 2015 until this month, FireEye says just 13 suspected
China-based hacking teams broke into corporate networks in the US,
Europe, and Japan, as well as commercial, government, and military
organizations in nations near China, including Russia. “However,
since mid-2014, we have observed an overall decrease in successful
network compromises by China-based groups against organizations in
the U.S. and 25 other countries. These shifts have coincided with
ongoing political and military reforms in China, widespread exposure
of Chinese cyber activity, and unprecedented action by the U.S.
government,” FireEye’s report says.
Among the factors likely behind the decline in the number of
cyberattacks on the US, according to FireEye: Xi’s military reforms
as well as centralization of China’s cyber operations since he first
took office in 2012; research exposing Chinese cyber espionage
activity; and intensified US pressure on China, including the US
indictment of five members of the Chinese military for allegedly
hacking and stealing trade secrets of major American steel, solar
energy, and other manufacturing companies, including Alcoa,
Westinghouse Electric, and US Steel.
“Although many in the U.S. initially doubted that these actions
would have any effect, they may have prompted Beijing to reconsider
the execution of its network operations,” according to FireEye's
Other security research firms have seen some shifts in China’s
intellectual theft hacking over the past year as well. Costin Raiu,
director of the global research and analysis team at Kaspersky Lab,
in an interview in February said his firm’s researchers witnessed a
dramatic drop in Chinese-speaking APTs going after US and UK
organizations’ intellectual property in the wake of the Obama-Xi
pact. But Kaspersky Lab also witnessed a 300% increase in attacks
on Russian targets by Chinese groups in a period of two months.
“Immediately after the signing of the agreement, there was silence”
in attacks against the US, Raiu said. “Then there were some small
bits and pieces of random noise … but after that, they
[Chinese-speaking APTs] completely went silent in the US and UK,”
Raiu said, referring to Xi’s similar no-hack deal in October with
Prime Minister Cameron in the UK.